You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

No programs will run; "view & track downloads" pop-up

I am new here, so I appologize if I leave out some important information. I did read the thread about what you're supposed to do before posting, but a lot of it did not apply to me as I cannot open any programs. My mom brought me her laptop tonight because her Internet Explorer was not working correctly. Once I started the computer, it turns out that NONE of the programs are working correctly. Everytime I try to run a program, a pop-up window appears called "View and Track Downloads." The program that was attempted to be opened is listed with an .exe extension and there is the option to run or save. Even if you try to run or save it, another entry appears for the same program in the pop-up. This happens with every program I've tried to open.

However, unlike the above thread, there were no fake anti-virus programs or anything of that nature installed. Basically she uses the computer for Pinterest and Youtube and that's about it. She is running Windows 7.

BC AdBot (Login to Remove)

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

A small box will open, with an explanation about the tool. No input is needed, the scan is running.

Notepad will open with the results.

Follow the instructions that pop up for posting the results.

Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

I was able to perform a system restore from an earlier date. When it was finished, some kind of error message popped up and then the computer restarted (too quickly for me to read the message). Now, the desktop icons look normal and I can open programs.

However, on start-up I get 13 pop-up boxes saying "Windows can't open this file: [name of file] To open this file, Windows needs to know what program you want to use to open it. Windows can go online to look it up automatically, or yu can manually select from a list of programs that are on the computer. What do you want to do?" All of the files listed have the .exe extension. I attempted to run the DDS program to give you a log, but I get the same pop-up box except in the file name it says "dds.com".

I also get another pop-up that says "C:\windows\system32\icacls.exe This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel."

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.

Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.

Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.

Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.

If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).

The scan may take some time to finish,so please be patient.

If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.

While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.

The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.Click OK to either and let MBAM proceed with the disinfection process.If asked to restart the computer, please do so immediately.===

If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.

Double click on AdwCleaner.exe to run the tool.

Click the Scan button and wait for the process to complete.

Check off the element(s) you wish to keep.

Click on the Clean button follow the prompts.

A log file will automatically open after the scan has finished.

Please post the content of that log file with your next answer.

You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

Download the correct version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Last night when I shut the computer down about 15 Windows updates installed. When I turned it back on again today to follow your instructions I can no longer open any programs, including internet browsers. Each time I try to open a program I get the pop-up that says:

"Windows can't open this file: [name of file] To open this file, Windows needs to know what program you want to use to open it. Windows can go online to look it up automatically, or you can manually select from a list of programs that are on the computer. What do you want to do?"

I get several of these upon start up as well. I am unable to download or run any of the programs that you suggested above.

Download these two rkill programs to a flash or CD drive.Copy the file to the desktop or the C:\ drove of the problem computer and post one log if you can.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)There are 2 different versions. If one of them won't run then download and try to run the other one.Vista and Win7 users need to right click and choose Run as AdminYou only need to get one of them to run, not all of them.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.

Yay! Finally something worked. I downloaded the programs to a flash drive from another computer and put the programs on the infected desktop. I was able to run rkill.scr. I pasted the log back to the flash drive. Here it is:

Error: (05/22/2014 08:09:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17041 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1034

Start Time: 01cf76235ac6b0ac

Termination Time: 16

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: cceb994a-e216-11e3-9788-00245477f2bf

Error: (05/15/2014 09:10:46 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/15/2014 09:10:46 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Quoted from the page."In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:http://www.oracle.com/technetwork/java/javase/downloads/index.html

Get the latest version of the Adobe Reader.http://get.adobe.com/reader/Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.<<<>>>

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.A tutorial on using MBAM can be found here.Please Note: Only the paid for version has real time capabilities.

SpywareBlasterA tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:

WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.

Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.